CVE-2020-7509

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 1.5.2 and older

Description The issue is related to improper privilege management, which could allow a remote attacker to elevate their privileges and perform actions such as writing and deleting arbitrary files on the device. This is due to a flaw in the firmware of the Schneider Electric Easergy T300 module controller for automation of transformer substations.

Recommendations For versions 1.5.2 and older, update to a version newer than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.